General
-
Target
arm7
-
Size
135KB
-
Sample
211125-tagh5sbaa5
-
MD5
cf5903921d843e5851f6b4f367f42750
-
SHA1
8095beebfa12ac05ea1b796175ef00fa13375b18
-
SHA256
e872670529082cb5d3bc3257cefdedafa15127665418503ea240cd390b918a01
-
SHA512
c6a333ef17a86386b7fa8ba048d06114556f3a86b98c4042439396a85ac912960d423e15194517fe46de6b087e34c993047521c938ec6d1f0b7bd4fd9e17e81b
Static task
static1
Behavioral task
behavioral1
Sample
arm7
Resource
debian9-armhf-en-20211025
Malware Config
Targets
-
-
Target
arm7
-
Size
135KB
-
MD5
cf5903921d843e5851f6b4f367f42750
-
SHA1
8095beebfa12ac05ea1b796175ef00fa13375b18
-
SHA256
e872670529082cb5d3bc3257cefdedafa15127665418503ea240cd390b918a01
-
SHA512
c6a333ef17a86386b7fa8ba048d06114556f3a86b98c4042439396a85ac912960d423e15194517fe46de6b087e34c993047521c938ec6d1f0b7bd4fd9e17e81b
Score9/10-
Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Writes file to system bin folder
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Write file to user bin folder
-
Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-